From 308e7d8e9de4278d35b46bcbb3b7db778d740509 Mon Sep 17 00:00:00 2001 From: Adrien Date: Sat, 19 Dec 2020 12:31:22 +0100 Subject: [PATCH 1/6] Add log for fix --- fix_ansible.txt | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 fix_ansible.txt diff --git a/fix_ansible.txt b/fix_ansible.txt new file mode 100644 index 0000000..d3e458c --- /dev/null +++ b/fix_ansible.txt 
@@ -0,0 +1,33 @@ +TASK [kubernetes : Init Kubernetes on Saturne] ********************************************************************************************************************************************************************** +fatal: [Saturne]: FAILED! => changed=true + cmd: + - kubeadm + - init + - --config=/root/kubeadm-config.yaml + delta: '0:00:00.608823' + end: '2020-09-14 00:40:32.622035' + msg: non-zero return code + rc: 1 + start: '2020-09-14 00:40:32.013212' + stderr: |- + W0914 00:40:32.046191 87590 common.go:77] your configuration file uses a deprecated API spec: "kubeadm.k8s.io/v1beta1". Please use 'kubeadm config migrate --old-config old.yaml --new-config new.yaml', which will write the new, similar spec using a newer API version. + W0914 00:40:32.048247 87590 strict.go:54] error unmarshaling configuration schema.GroupVersionKind{Group:"kubelet.config.k8s.io", Version:"v1beta1", Kind:"KubeletConfiguration"}: error unmarshaling JSON: while decoding JSON: json: unknown field "containerRuntime" + W0914 00:40:32.486840 87590 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io] + [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly + [WARNING FileExisting-tc]: tc not found in system path + [WARNING Hostname]: hostname "saturne" could not be reached + [WARNING Hostname]: hostname "saturne": lookup saturne on 213.186.33.99:53: no such host + error execution phase preflight: [preflight] Some fatal errors occurred: + [ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty + [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` + To see the stack trace of this error execute with --v=5 or higher + stderr_lines: + stdout: |- + [config] WARNING: Ignored YAML document with GroupVersionKind kubeadm.k8s.io/v1beta2, Kind=JoinConfiguration + [init] 
Using Kubernetes version: v1.19.1 + [preflight] Running pre-flight checks + stdout_lines: + +PLAY RECAP ********************************************************************************************************************************************************************************************************** +Saturne : ok=85 changed=7 unreachable=0 failed=1 skipped=48 rescued=0 ignored=0 + -- 2.49.1 From 1aaa06d1b6969cab503ef28f5e7faeba09c272d6 Mon Sep 17 00:00:00 2001 From: Adrien Date: Tue, 22 Dec 2020 13:04:20 +0100 Subject: [PATCH 2/6] Update k3s version to 1.20.0-k3s2 --- tasks/cluster_k3s.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/cluster_k3s.yml b/tasks/cluster_k3s.yml index c93d09a..8fd8c9e 100644 --- a/tasks/cluster_k3s.yml +++ b/tasks/cluster_k3s.yml @@ -13,7 +13,7 @@ - name: retreive k3s binary for x86_64 get_url: - url: "https://github.com/rancher/k3s/releases/download/v1.19.5%2Bk3s2/k3s" + url: "https://github.com/rancher/k3s/releases/download/v1.20.0%2Bk3s2/k3s" dest: "/usr/local/bin/k3s" group: root owner: root @@ -24,7 +24,7 @@ - name: retreive k3s binary for arm64 get_url: - url: "https://github.com/rancher/k3s/releases/download/v1.19.5%2Bk3s2/k3s-arm64" + url: "https://github.com/rancher/k3s/releases/download/v1.20.0%2Bk3s2/k3s-arm64" dest: "/usr/local/bin/k3s" group: root owner: root @@ -35,7 +35,7 @@ - name: retreive k3s binary for armv6/armv7 get_url: - url: "https://github.com/rancher/k3s/releases/download/v1.19.5%2Bk3s2/k3s-armhf" + url: "https://github.com/rancher/k3s/releases/download/v1.20.0%2Bk3s2/k3s-armhf" dest: "/usr/local/bin/k3s" group: root owner: root -- 2.49.1 From 65004dbca6aceb8bf25e6fdb43519c585b999176 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Sat, 9 Jan 2021 10:42:15 +0100 Subject: [PATCH 3/6] Update kubernetes version to v1.20.1 --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
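Review bot: The three `get_url` tasks write a root-owned binary to `/usr/local/bin/k3s`, and this bump changes only the `url:` lines, so nothing version-specific in these tasks pins the download to a known digest. Adding `checksum: "sha256:<digest of the pinned release asset>"` to each task makes the version and the digest change together, and makes a substituted or truncated download fail the play instead of being installed. The same applies to the later bump to v1.20.2+k3s1 in patch 5/6. Each task continues past its hunk, so confirm that no separate verification step follows outside the visible lines.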
diff --git a/defaults/main.yml b/defaults/main.yml index 09766e1..3bbf3a5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,4 +5,4 @@ kubernetes_server: false # value for kuberntes_network: flannel, calico, weave-net #kubernetes_network: weave-net kubernetes_kubeproxy_mode: ipvs -kubernetes_version: 1.19.4 +kubernetes_version: 1.20.1 -- 2.49.1 From b5f5566b7af42da75f757c236ff8b938f3e65c03 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Fri, 15 Jan 2021 00:47:02 +0100 Subject: [PATCH 4/6] Update API in template --- templates/kubeadm-config.yaml.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2 index 2d90758..9a95c08 100644 --- a/templates/kubeadm-config.yaml.j2 +++ b/templates/kubeadm-config.yaml.j2 @@ -72,7 +72,7 @@ nodeRegistration: ignorePreflightErrors: - SystemVerification --- -apiVersion: kubeadm.k8s.io/v1beta1 +apiVersion: kubeadm.k8s.io/v1beta2 kind: ClusterConfiguration kubernetesVersion: stable {% if lbip_kubeapiserver is defined %} -- 2.49.1 From a4b0c9fc8197c6fa3e5677c09fb29b6d22c913db Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Fri, 15 Jan 2021 00:57:31 +0100 Subject: [PATCH 5/6] Update k3s to latest version (1.20.2-k3s1) --- tasks/cluster_k3s.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/cluster_k3s.yml b/tasks/cluster_k3s.yml index 8fd8c9e..9727eb0 100644 --- a/tasks/cluster_k3s.yml +++ b/tasks/cluster_k3s.yml @@ -13,7 +13,7 @@ - name: retreive k3s binary for x86_64 get_url: - url: "https://github.com/rancher/k3s/releases/download/v1.20.0%2Bk3s2/k3s" + url: "https://github.com/rancher/k3s/releases/download/v1.20.2%2Bk3s1/k3s" dest: "/usr/local/bin/k3s" group: root owner: root 
@@ -24,7 +24,7 @@ - name: retreive k3s binary for arm64 get_url: - url: "https://github.com/rancher/k3s/releases/download/v1.20.0%2Bk3s2/k3s-arm64" + url: "https://github.com/rancher/k3s/releases/download/v1.20.2%2Bk3s1/k3s-arm64" dest: "/usr/local/bin/k3s" group: root owner: root @@ -35,7 +35,7 @@ - name: retreive k3s binary for armv6/armv7 get_url: - url: "https://github.com/rancher/k3s/releases/download/v1.20.0%2Bk3s2/k3s-armhf" + url: "https://github.com/rancher/k3s/releases/download/v1.20.2%2Bk3s1/k3s-armhf" dest: "/usr/local/bin/k3s" group: root owner: root -- 2.49.1 From cecb684e05dc20e5efa8df1e89680a2440adabd7 Mon Sep 17 00:00:00 2001 From: Adrien Reslinger Date: Mon, 18 Jan 2021 22:53:35 +0100 Subject: [PATCH 6/6] Fix bugs, Update for EL8 --- fix_ansible.txt | 33 ----------------- tasks/cluster_kubeadm.yml | 36 +++++++++++++------ tasks/install_server.yml | 9 +++-- templates/etc/modules-load.d/ipvs.conf.j2 | 4 +++ templates/etc/sysconfig/kubelet.j2 | 2 +- .../0-kubelet-extra-args.conf.j2 | 2 +- 6 files changed, 37 insertions(+), 49 deletions(-) delete mode 100644 fix_ansible.txt diff --git a/fix_ansible.txt b/fix_ansible.txt deleted file mode 100644 index d3e458c..0000000 --- a/fix_ansible.txt +++ /dev/null 
@@ -1,33 +0,0 @@ -TASK [kubernetes : Init Kubernetes on Saturne] ********************************************************************************************************************************************************************** -fatal: [Saturne]: FAILED! => changed=true - cmd: - - kubeadm - - init - - --config=/root/kubeadm-config.yaml - delta: '0:00:00.608823' - end: '2020-09-14 00:40:32.622035' - msg: non-zero return code - rc: 1 - start: '2020-09-14 00:40:32.013212' - stderr: |- - W0914 00:40:32.046191 87590 common.go:77] your configuration file uses a deprecated API spec: "kubeadm.k8s.io/v1beta1". Please use 'kubeadm config migrate --old-config old.yaml --new-config new.yaml', which will write the new, similar spec using a newer API version. - W0914 00:40:32.048247 87590 strict.go:54] error unmarshaling configuration schema.GroupVersionKind{Group:"kubelet.config.k8s.io", Version:"v1beta1", Kind:"KubeletConfiguration"}: error unmarshaling JSON: while decoding JSON: json: unknown field "containerRuntime" - W0914 00:40:32.486840 87590 configset.go:348] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io] - [WARNING Firewalld]: firewalld is active, please ensure ports [6443 10250] are open or your cluster may not function correctly - [WARNING FileExisting-tc]: tc not found in system path - [WARNING Hostname]: hostname "saturne" could not be reached - [WARNING Hostname]: hostname "saturne": lookup saturne on 213.186.33.99:53: no such host - error execution phase preflight: [preflight] Some fatal errors occurred: - [ERROR DirAvailable--var-lib-etcd]: /var/lib/etcd is not empty - [preflight] If you know what you are doing, you can make a check non-fatal with `--ignore-preflight-errors=...` - To see the stack trace of this error execute with --v=5 or higher - stderr_lines: - stdout: |- - [config] WARNING: Ignored YAML document with GroupVersionKind kubeadm.k8s.io/v1beta2, Kind=JoinConfiguration - [init] 
Using Kubernetes version: v1.19.1 - [preflight] Running pre-flight checks - stdout_lines: - -PLAY RECAP ********************************************************************************************************************************************************************************************************** -Saturne : ok=85 changed=7 unreachable=0 failed=1 skipped=48 rescued=0 ignored=0 - diff --git a/tasks/cluster_kubeadm.yml b/tasks/cluster_kubeadm.yml index dca5102..c15325d 100644 --- a/tasks/cluster_kubeadm.yml +++ b/tasks/cluster_kubeadm.yml @@ -30,7 +30,7 @@ when: - kubernetes_kubeproxy_mode == "ipvs" -- name: Load IPVS kernel module +- name: Load IPVS kernel module for EL7 modprobe: name: "{{ item }}" state: present @@ -43,6 +43,23 @@ - nf_conntrack_ipv6 when: - kubernetes_kubeproxy_mode == "ipvs" + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == '7' + +- name: Load IPVS kernel module for EL8 + modprobe: + name: "{{ item }}" + state: present + with_items: + - ip_vs + - ip_vs_rr + - ip_vs_wrr + - ip_vs_sh + - nf_conntrack + when: + - kubernetes_kubeproxy_mode == "ipvs" + - ansible_os_family == "RedHat" + - ansible_distribution_major_version == '8' - name: Create thin volumes for kubernetes lvol: @@ -182,16 +199,12 @@ when: - groups['KubernetesMasterConfigured'] is not defined - groups['KubernetesMasters'][0] == ansible_hostname - - kubeadm_version_major.stdout | int == 1 - - kubeadm_version_minor.stdout | int >= 15 - name: Init Kubernetes on {{ groups['KubernetesMasters'][0] }} command: kubeadm init --config=/root/kubeadm-config.yaml when: - groups['KubernetesMasterConfigured'] is not defined - groups['KubernetesMasters'][0] == ansible_hostname - - kubeadm_version_major.stdout | int == 1 - - kubeadm_version_minor.stdout | int >= 15 - name: Add {{ ansible_hostname }} to KubernetesMasterConfigured group group_by: 
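Review bot: With the two `when` lists in the `@@ -43,6 +43,23 @@` hunk, a host in `ipvs` mode that is neither EL7 nor EL8 (another distribution family, or a later major release) matches neither task and loads no module at all, where the single task previously always ran. Making EL7 the special case covers every other host: keep the EL7 task as written and give the second task `- not (ansible_os_family == "RedHat" and ansible_distribution_major_version == '7')` in place of its two distribution conditions. The `ipvs.conf.j2` hunk later in this patch has the same gap, since its `{% elif ... '7' %}` branch writes no conntrack entry for other hosts; testing for EL7 first and using `{% else %}` for `nf_conntrack` would close it. The four `ip_vs*` names are now duplicated across both tasks, so a shared list variable would keep them in step.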
@@ -208,6 +221,8 @@ register: server_enrolled changed_when: False ignore_errors: yes + when: + - groups['KubernetesMasterConfigured'] is not defined #- name: Deploy kubeadm config # template: @@ -218,8 +233,6 @@ # mode: 600 # when: # - not groups['KubernetesMasters'][0] == ansible_hostname -# - kubeadm_version_major.stdout | int == 1 -# - kubeadm_version_minor.stdout | int >= 15 # - server_enrolled.rc == 1 - name: Retreive certificats key on {{ lb_kubemaster }} @@ -227,16 +240,16 @@ register: kubernetes_certificateKey delegate_to: "{{ lb_kubemaster }}" when: + - groups['KubernetesMasterConfigured'] is not defined - server_enrolled.rc == 1 - kubernetes_master|bool - - kubeadm_version_major.stdout | int == 1 - - kubeadm_version_minor.stdout | int >= 15 - name: Retreive token on "{{ lb_kubemaster }}" command: kubeadm token create register: kubetoken delegate_to: "{{ lb_kubemaster }}" when: + - groups['KubernetesMasterConfigured'] is not defined - server_enrolled.rc == 1 - name: Retreive hash certificat @@ -249,6 +262,7 @@ register: cacerthash delegate_to: "{{ lb_kubemaster }}" when: + - groups['KubernetesMasterConfigured'] is not defined - server_enrolled.rc == 1 - name: Deploy kubeadm config @@ -259,11 +273,11 @@ group: root mode: 0600 when: + - groups['KubernetesMasterConfigured'] is not defined - server_enrolled.rc == 1 - name: Join '{{ ansible_hostname }}' to Kubernetes cluster command: kubeadm join --config=/root/kubeadm-config.yaml when: - - kubeadm_version_major.stdout | int == 1 - - kubeadm_version_minor.stdout | int >= 15 + - groups['KubernetesMasterConfigured'] is not defined - server_enrolled.rc == 1 diff --git a/tasks/install_server.yml b/tasks/install_server.yml index 7fb8a12..0dac5ad 100644 --- a/tasks/install_server.yml +++ b/tasks/install_server.yml 
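Review bot: Every join-side task in these hunks (-208, -227, -249, -259) is now gated on `groups['KubernetesMasterConfigured'] is not defined`, the same condition that guards `kubeadm init`. The `group_by` task just above has its body outside the hunk, but if it creates that group once the first master is initialised, as its name suggests, the condition becomes false for every other host, because `groups` is inventory-wide rather than per-host. The token, certificate-hash, config and `kubeadm join` tasks would then all be skipped. If the aim is to skip hosts that are already enrolled, `server_enrolled.rc == 1` alone expresses it; if the aim is to avoid reading `server_enrolled.rc` after a skipped check, `- server_enrolled is not skipped` is the narrower guard.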
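Review bot: The `kubeadm token create` task in the `@@ -227,16 +240,16 @@` hunk registers the bootstrap token as `kubetoken` without `no_log: true`, so the token can end up in Ansible's task output at higher verbosity and in any configured log file. The task registering `kubernetes_certificateKey` above it has its command outside the hunk, but presumably exposes the control-plane certificate key the same way. Add `no_log: true` to both tasks, and consider a short lifetime such as `kubeadm token create --ttl 15m`, since the token is only needed for the join that follows.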
@@ -100,12 +100,15 @@ # - kubernetes_master|bigip_pool - name: Check if a node is still tainted - command: kubectl get nodes '{{ ansible_hostname | lower }}' -o jsonpath='{.spec.taints}' - when: kubernetes_master_taint + command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes '{{ ansible_hostname | lower }}' -o jsonpath='{.spec.taints}' register: current_taint + when: + - kubernetes_master_taint|bool - name: taint the machine if needed # command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes --all node-role.kubernetes.io/master- command: kubectl taint nodes '{{ ansible_hostname | lower }}' node-role.kubernetes.io/master- - when: kubernetes_master_taint|bool and current_taint.stdout + when: + - kubernetes_master_taint|bool + - current_taint.stdout diff --git a/templates/etc/modules-load.d/ipvs.conf.j2 b/templates/etc/modules-load.d/ipvs.conf.j2 index 3ba283c..85753cc 100644 --- a/templates/etc/modules-load.d/ipvs.conf.j2 +++ b/templates/etc/modules-load.d/ipvs.conf.j2 @@ -2,5 +2,9 @@ ip_vs ip_vs_rr ip_vs_wrr ip_vs_sh +{% if ansible_os_family == "RedHat" and ansible_distribution_major_version == '8' %} +nf_conntrack +{% elif ansible_os_family == "RedHat" and ansible_distribution_major_version == '7' %} nf_conntrack_ipv4 nf_conntrack_ipv6 +{% endif %} \ No newline at end of file diff --git a/templates/etc/sysconfig/kubelet.j2 b/templates/etc/sysconfig/kubelet.j2 index f7d16d3..b02129d 100644 --- a/templates/etc/sysconfig/kubelet.j2 +++ b/templates/etc/sysconfig/kubelet.j2 
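Review bot: The `taint the machine if needed` task still runs `kubectl taint nodes ...` without `--kubeconfig=/etc/kubernetes/admin.conf`, while the check task above it now passes that flag; on a host where the connecting user has no default kubeconfig, the check succeeds and the taint command then fails. Use the same flag on both: `command: kubectl --kubeconfig=/etc/kubernetes/admin.conf taint nodes '{{ ansible_hostname | lower }}' node-role.kubernetes.io/master-`. The check is read-only, so `changed_when: false` on it would keep the play's changed count accurate. `current_taint.stdout` is non-empty for any taint on the node, not only the master one, so the removal can still fail when a different taint is present.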
@@ -1,2 +1,2 @@ #https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/#feature-gates -KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint={% if kubernetes_cri == "containerd" %}unix:///run/containerd/containerd.sock{% elif kubernetes_cri == "cri-o" %}unix:///var/run/crio/crio.sock{% endif %} --node-ip={{ ansible_eth0.ipv4.address }}" +KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint={% if kubernetes_cri == "containerd" %}unix:///run/containerd/containerd.sock{% elif kubernetes_cri == "cri-o" %}unix:///var/run/crio/crio.sock{% endif %} --node-ip={{ ansible_default_ipv4.address }}" diff --git a/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 b/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 index 7c704b9..e6f3596 100644 --- a/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 +++ b/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 @@ -1,2 +1,2 @@ [Service] -Environment=KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint={% if kubernetes_cri == "containerd" %}unix:///run/containerd/containerd.sock{% elif kubernetes_cri == "cri-o" %}unix:///var/run/crio/crio.sock{% endif %} --node-ip={{ ansible_eth0.ipv4.address }}" +Environment=KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint={% if kubernetes_cri == "containerd" %}unix:///run/containerd/containerd.sock{% elif kubernetes_cri == "cri-o" %}unix:///var/run/crio/crio.sock{% endif %} --node-ip={{ ansible_default_ipv4.address }}" -- 2.49.1
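Review bot: `ansible_default_ipv4` comes from the interface that holds the default route, so on a multi-homed host `--node-ip` can now resolve to an externally reachable address rather than the cluster network, and the kubelet would register and serve on it. On a host with no default route the fact is likely empty and the template would fail to render. An explicit override leaves that choice with the operator, for example with a new role variable: `--node-ip={{ kubernetes_node_ip | default(ansible_default_ipv4.address) }}`. The same line changes in the systemd drop-in hunk that follows, and in both an unexpected `kubernetes_cri` value still renders an empty `--container-runtime-endpoint=`.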